Hi Stig,

The reason that ASB and also Westpac mandate that all newly signed-up merchants use a 3rd party page is that PX Post and other APIs do not support Verified by Visa "3D secure passwords" at present. DPS is currently working on this and may soon be able to support 3D secure through the "web services" product. This carries the same functionality as PX Post, except it is SOAP based, not XML. See below:
http://www.paymentexpress.com/technical_resources/ecommerce_nonhosted/webservice.html - Web Services does not support 3D secure yet.

Also, capturing credit card details outside of a PCI certified environment is becoming less attractive as an option for acquiring banks. This is due to the added risk the bank assumes by allowing those card details to be captured on a server outside of theirs, or a certified partner's control.

Currently in New Zealand, ANZ, BNZ and National Bank can allow 2 party transactions as long as their PCI-DSS requirements are met and (for the most part) a self-assessment questionnaire is filled out by the merchant. This is on a case by case basis, however, and some may still be declined or have to move to a 3rd party environment.

Quite a few of the larger online retailers have moved to the 3rd party option, Ezibuy, 1-Day, The Warehouse, NZ Lotteries (LOTTO) for example, simply because this removes liability on them for protecting the credit card data. Merchants can be liable for up to US$400,000 of fines if serious breaches occur, so moves to make this less of a possibility are understandable.

Ari Davies-King
DPS - Payment Express

On Jun 24, 4:17 pm, Stig Manning <[email protected]> wrote:
> Hi PHPUG,
>
> This is a bit OT, but we have just been told by ASB that we cannot use
> the PxPOST interface as they are requiring that the form taking credit
> card details must exist on a server that is PCI compliant.
>
> Has anyone else experienced this requirement with ASB?
>
> We have a number of other PxPOST implementations with other banks that
> are all signed up and running. It seems a pretty bizarre requirement, we
> have Commonwealth Bank (who own ASB) implementations for Australian
> websites and they don't have this requirement.
> Obviously ASB have read the PCI spec differently to every other bank. We
> can use the DPS Hosted Payments page to accept payments, but they are
> pretty bloody ugly...
>
> Cheers,
> Stig

NZ PHP Users Group: http://groups.google.com/group/nzphpug
